Eric Council Jr. used SIM swap to hack SEC’s official X account.
False Bitcoin ETF tweet caused Bitcoin price swings over $3,000.
Council sentenced to 14 months prison plus $50,000 forfeiture and supervised release.
An Alabama man received a 14-month prison sentence for hacking the U.S. Securities and Exchange Commission’s (SEC) official X account. Eric Council Jr., 26, carried out a SIM swap attack that led to a false tweet claiming SEC approval of spot Bitcoin ETFs. This incident caused rapid and significant price swings in Bitcoin during January 2024.
The Attack, Legal Proceedings and Evidence
Council conspired with others to take over a phone number linked to the SEC’s Gov X account. He used a fake ID at an AT&T store on January 9, 2024, to obtain a SIM card tied to that number. After activating the SIM on a new phone, Council received password reset codes for the SEC’s social media profile.
He explained the codes to his accomplices, who took over the SEC’s account and added a false report about Bitcoin ETF approval. Shortly after reaching over $1,000, Bitcoin dropped back over $2,000 once the SEC stated the claim was not true. Even though the Council did not write the fake tweet, it was alleged by prosecutors that he was very important in the scheme.
Council pleaded guilty to conspiracy to commit aggravated identity theft in February 2024. Authorities arrested him in October 2024. During the investigation, agents uncovered multiple attempted SIM swaps and identity frauds linked to Council. They found a fake ID, a portable ID printer, and forged document templates at his residence.
His internet history revealed searches such as “SECGOV hack” and “signs the FBI is after you.” Additionally, a video surfaced in February where Council admitted his involvement, blamed SEC cybersecurity, and minimized his role. Prosecutors included this video in their sentencing recommendation.
Sentencing Details and SEC Cybersecurity Issues Revealed
Judge Amy Berman Jackson sentenced Council to 14 months in prison, which was 10 months less than prosecutors requested. The sentence also includes a forfeiture of $50,000—profits Council earned from SIM swaps—and three years of supervised release following imprisonment. Council’s defense cited no prior criminal history and mental health issues related to marijuana use as reasons for leniency.
The breach exposed weaknesses in SEC cybersecurity. A prior report indicated the agency’s systems were “not effective” and required improvements. The irony followed when the SEC officially approved Bitcoin ETFs just one day after the false tweet appeared.
The hacking event demonstrated how vulnerable government agency accounts can be to SIM swap attacks. It also showed how such attacks can impact financial markets within minutes, causing swift and volatile price changes. Council’s sentencing sends a clear message about consequences for cyberattacks targeting government institutions. The case remains an example of the risks posed by weak mobile security and social media account protections.
